CVE-2014-7816

Affected configuration(s):

cpe:/a:redhat:undertow:1.0.16
cpe:/a:redhat:undertow:1.1.0:cr4
cpe:/a:redhat:undertow:1.2.0:beta2

Date published: 2014-12-01T10:59:06.610-05:00

Date last modified: 2015-03-04T11:41:08.017-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://seclists.org/oss-sec/2014/q4/830

Summary: Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
